CVE-2012-4049 — Code Injection in Wireshark

CWE-94 — Code Injection7 documents6 sources

Severity

2.9LOWNVD

EPSS

0.6%

top 31.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Opensuse

Timeline

PublishedJul 24

Latest updateMay 14

Description

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.

CVSS vector

AV:A/AC:M/C:N/I:N/A:PExploitability: 5.5 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/wireshark< wireshark 1.8.2-1 (bookworm)

▶Debianwireshark/wireshark< 1.8.2-1+3

▶NVDwireshark/wireshark24 versions+23

▶NVDopensuse/opensuse11.4, 12.1+1

Patches

Patch: anonsvn.wireshark.org ↗Patch: anonsvn.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-6m9p-64vv-xh22: epan/dissectors/packet-nfs↗2022-05-14

▶

OSV

CVE-2012-4049: epan/dissectors/packet-nfs↗2012-07-24

▶

📋Vendor Advisories

Red Hat

wireshark: Excessive CPU usage in NFS dissector↗2012-07-22

▶

Debian

CVE-2012-4049: wireshark - epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4....↗2012

▶

💬Community

Bugzilla

CVE-2012-4049 wireshark: Excessive CPU usage in NFS dissector↗2012-07-24

▶

Bugzilla

CVE-2012-4048 CVE-2012-4049 wireshark: Out-of-bounds memory write in PPP dissector [fedora-all]↗2012-07-24

▶